Database Security Design Deliverable Template
From MIKE2.0 Methodology
-> You are here: Database Security Design Deliverable Template
The Database Security Design task defines the controls that will be implemented to restrict users from accessing information, based on how the information is classified and the security model. Example controls include:
Database security is the last line of defense to protect information assets. For an information management engagement it is typically the area where the implementation team will be most directly involved.
Example 1 - Sample Database security controls for a data warehouse
The default security policy for the project is a closed one – users are granted access on a need-to-see basis, and the access rights are regularly reviewed.
Please refer to the Data Warehouse Security Strategy document for more information.
Standard Client access controls will be applied to both the data warehouse servers and the client-access machines.
Servers will be housed in the Client data room, and will be directly accessible only to authorized IT staff.
Please refer to the existing Client documentation for more information regarding workstation access controls.
Majority of the end-users will authenticate against the Web server – in this case, MicroStrategy. MicroStrategy can use LDAP to pass authentication requests to the NDS infrastructure, and this option is being investigated. In lieu of NDS integration, user accounts will be maintained within MicroStrategy.
Users accessing other solution components will authenticate using application-level security mechanisms.
Novell NDS is used to authenticate user access to individual workstations. Please refer to the Client Security Architecture document for more information regarding user authentication.
Oracle database authorization mechanisms will be used to manage user access to the data warehouse resources. Novell NDS may be integrated to provide LDAP authorization capabilities.
Restricted entities (table and column security)
Certain tables or columns may be inaccessible to most users. Access restriction profiles will be controlled using Oracle roles, and defined as a result of source system analysis.
Restricted content (row-level security)
For performance reasons, row-level security will not be used.
Instrumentation and logging
Standard database and application logging facilities will be used. Existing Client server management applications will be relied upon for log analysis.
Certification and non-repudiation
No certification or non-repudiation capabilities are deemed necessary for the data warehouse
Wiki asset search